Award-winning news, views, and insight from the ESET security community

Fraud in (and out of) a Time of Recession

I’ve been asked several times in the past few months about links between the global recession and criminal activity, especially as related to fraud. There are, of course, those who claim that the economic situation is directly caused by "criminal" activity by politicians and banks, which is a little further than I’d care to go personally. What

I’ve been asked several times in the past few months about links between the global recession and criminal activity, especially as related to fraud. There are, of course, those who claim that the economic situation is directly caused by "criminal" activity by politicians and banks, which is a little further than I’d care to go personally. What

I’ve been asked several times in the past few months about links between the global recession and criminal activity, especially as related to fraud. There are, of course, those who claim that the economic situation is directly caused by "criminal" activity by politicians and banks, which is a little further than I’d care to go personally. What is certain, though, is that criminals have attempted to exploit the fears and uncertainties of potential victims.

For example, we see phishing mails that take the approach "in order to protect your interests in a time of recession, uncertainty, gloom and doom, we have established a new protection scheme. Please login to our web site at…" This, of course, is just another exercise in acquiring a victim’s credentials for accessing credit card accounts and other financial services.

Recently, we’ve also been seeing scams related to President Obama’s Stimulus Package, offering to help people disadvantaged by unemployment and the mortgage crisis to obtain grants. Some of these may be targeted, but today I saw a particularly fine specimen addressed to "Respective Sir or Madam!" (read "anyone I spam this to who’s dumb enough to pay me money upfront for useless information"). Did you know that the US has a Government Grants Manager who uses a Gmail address? (Thanks to Paul Ferguson for pointing that one out.)

Old hands will recognize this as yet another twist on a scam technique similar to all those Green Card Lottery scams and advance fee job scams.

(In fact, the Green Card Lottery also marked a milestone in the history of commercial spam, when a couple of lawyers called Canter & Siegel offered legal services related to the lottery, using a message spammed to thousands of Usenet newsgroups. Not a scam as such, but the first wave of an ocean of misery for email users…)

Randy’s post of a couple of days ago reminded me of some other scams I came across in a previous job, when I ran the Threat Assessment Centre for the UK’s National Health Service. The type of domain registration scam he describes there, where a web site owner is offered the "opportunity" to buy domains with similar names so that they’re not misused, was one that regularly crossed my mailbox. For instance, a hospital would be informed that someone was proposing to set up a porn site with an almost identical domain name to theirs, but that they could forestall this by buying the domain themselves.

Another commonly-seen fraud was when agencies would notify hospitals or practices (and even private individuals) that they were required to register through them with the UK’s Information Commissioner’s Office to comply with the Data Protection Act. (There is no close analogue to this Act in the US, but many European countries are required to comply with the European Community Directive on which it’s based).

In truth, many of the people and organizations who received these threatening notices were under no obligation whatsoever to register: even if they had been, there was no reason for them to do so by registering through an agency: they could do so direct with the ICO office for a flat fee far less than that demanded by agencies for an unnecessary service.

Obviously, I no longer work for the NHS, but the problem hasn’t gone away.

I seem to have moved away from recession-related fraud: I’ll come back to that theme shortly.